icmp question on the pix

ewieczorek
Level 1

Hi..

I don't want anyone, on the outside, to be able to ping my outside interface of my pix 515. So, I issued the following commands...

icmp deny any echo-reply outside

icmp permit any unreachable outside

The problem I have now is that my inside hosts can't ping to the outside world.

Any thoughts on what I may need to do to allow this, at the same time don't allow anyone on the internet to ping my outside interface??

Thanks.

1 Reply

David White
Cisco Employee

The "icmp" command only applies to ICMP traffic destined to the PIX, not to ICMP traffic through the PIX.

Also, you may want to change your deny statement to read:

icmp deny any echo outside

For traffic through the PIX, try turning on "debug icmp trace" and then ping from a host on the inside to something on the Internet. On the PIX you should see the echo-request go out and the echo-reply come back in.

Sincerely,

David.
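
Added example, not part of the original thread or of the reply above: a PIX configuration sketch that keeps the two kinds of ICMP the answer distinguishes apart. It assumes PIX 6.x-style behavior, where ICMP replies returning through the firewall are not tracked statefully and need an explicit permit in an ACL applied inbound on the outside interface. The ACL name outside_in is hypothetical; if an access-group is already bound to outside, add the permit lines to that existing ACL instead.

```cisco
: --- ICMP addressed TO the PIX outside interface ("icmp" command) ---
: Drop echo (ping requests) aimed at the outside interface itself.
icmp deny any echo outside
: Keep unreachables to the PIX so path MTU discovery still works.
: Once an icmp list exists on an interface, every ICMP type that is
: not explicitly permitted is denied.
icmp permit any unreachable outside

: --- ICMP passing THROUGH the PIX (access-list / access-group) ---
: Let replies to pings started by inside hosts come back in.
access-list outside_in permit icmp any any echo-reply
: Let traceroute and error messages for inside-initiated flows return.
access-list outside_in permit icmp any any time-exceeded
access-list outside_in permit icmp any any unreachable
: No "permit icmp any any echo" entry: inbound ping requests to
: inside or translated hosts fall to the ACL's implicit deny.
access-group outside_in in interface outside
```

These ACL entries are not stateful, so they admit any echo-reply, time-exceeded or unreachable packet that matches an existing translation, not only answers to pings sent from inside. On PIX 7.x and later, ICMP inspection (`inspect icmp`) is the stateful alternative to the echo-reply permit.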
